LastPass Vulnerable To Extremely Simple Phishing Attack

An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim's master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API.

Re:after reading the details, this is significant

[ArmoredDragon]

Lastpass is an addon/extension overlay, meaning there is no URL.